DOP-C01 (Page 15)

A company is building a web and mobile application that uses a serverless architecture powered by AWS Lambda and Amazon API Gateway.The company wants to fully automate the backend Lambda deployment based on code that is pushed to the appropriate environment branch in an AWS CodeCommit repository.The deployment must have the following:• Separate environment pipelines for testing and production• Automatic deployment that occurs for test environments onlyWhich steps should be taken to meet these requirements?Read More →

A company wants to migrate a legacy application to AWS and develop a deployment pipeline that uses AWS services only.A DevOps engineer is migrating all of the application code from a Git repository to AWS CodeCommit while preserving the history of the repository.The DevOps engineer has set all the permissions within CodeCommit, installed the Git client and the AWS CLI on a local computer, and is ready to migrate the repository.Which actions will follow?Read More →

A company has multiple development groups working in a single shared AWS account.The senior manager of the groups wants to be alerted via a third-party API call when the creation of resources approaches the service limits for the account.Which solution will accomplish this with the LEAST amount of development effort?Read More →

A DevOps engineer is deploying an AWS Service Catalog portfolio using AWS CodePipeline.The pipeline should create products and templates based on a manifest file in either JSON or YAML, and should enforce security requirements on all AWS Service Catalog products managed through the pipeline.Which solution will meet the requirements in an automated fashion?Read More →

A company’s DevOps engineer is working in a multi-account environment.The company uses AWS Transit Gateway to route all outbound traffic through a network operations account.In the network operations account, all account traffic passes through a firewall appliance for inspection before the traffic goes to an internet gateway.The firewall appliance sends logs to Amazon CloudWatch Logs and includes event severities of CRITICAL, HIGH, MEDIUM, LOW, and INFO.The security team wants to receive an alert if any CRITICAL events occur.What should the DevOps engineer do to meet these requirements?Read More →

An application has microservices spread across different AWS accounts and is integrated with an on-premises legacy system for some of its functionality.Because of the segmented architecture and missing logs, every time the application experiences issues, it is taking too long to gather the logs to identify the issues.A DevOps Engineer must fix the log aggregation process and provide a way to centrally analyze the logs.Which is the MOST efficient and cost-effective solution?Read More →

A DevOps engineer needs to grant several external contractors access to a legacy application that runs on an Amazon Linux Amazon EC2 instance.The application server is available only in a private subnet.The contractors are not authorized for VPN access.What should the DevOps engineer do to grant the contactors access to the application server?Read More →

A video-sharing company stores its videos in Amazon S3.The company has observed a sudden increase in video access requests, but the company does not know which videos are most popular.The company needs to identify the general access pattern for the video files.This pattern includes the number of users who access a certain file on a given day, as well as the number of pull requests for certain files.How can the company meet these requirements with the LEAST amount of effort?Read More →

A company is migrating Docker repositories to Amazon Elastic Container Registry (Amazon ECR) in an existing AWS account.A DevOps engineer needs to automate the management of images that are uploaded to the repositories.The solution must limit the number of image versions.As a first step, the DevOps engineer creates a private repository in Amazon ECR for each repository that the company will migrate.What should the DevOps engineer do next to meet the requirements in the MOST operationally efficient manner?Read More →

A company has a single AWS account that runs hundreds of Amazon EC2 instances in a single AWS Region.New EC2 instances are launched and terminated each hour in the account.The account also includes existing EC2 instances that have been running for longer than a week.The company’s security policy requires all running EC2 instances to use an EC2 instance profile.If an EC2 instance does not have an instance profile attached, the EC2 instance must use a default instance profile that has no IAM permissions assigned.A DevOps engineer reviews the account and discovers EC2 instances that are running without an instance profile.During the review, the DevOps engineer also observes that new EC2 instances are being launched without an instance profile.Which solution will ensure that an instance profile is attached to all existing and future EC2 instances in the Region?Read More →